14:00:15 <njohnston> #startmeeting fwaas
14:00:19 <openstack> Meeting started Tue Nov 29 14:00:15 2016 UTC and is due to finish in 60 minutes.  The chair is njohnston. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:20 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:22 <openstack> The meeting name has been set to 'fwaas'
14:00:35 <njohnston> #chair SridarK yushiro xgerman
14:00:36 <yushiro> Hi, all
14:00:39 <openstack> Warning: Nick not in channel: SridarK
14:00:41 <openstack> Current chairs: SridarK njohnston xgerman yushiro
14:00:44 <tuhv> hi
14:00:58 <njohnston> Hello everyone!
14:01:03 <xgerman> Hi
14:01:12 <hoangcx> Hi
14:01:46 <njohnston> Lots of stuff to talk about, so let's get started
14:01:47 <chandanc> Hello
14:01:54 <njohnston> #topic Announcements
14:02:05 <njohnston> #link https://www.openstack.org/ptg/ The PTG is coming - registration is open.
14:02:05 <SridarK> Hi All
14:02:12 <yushiro> Hi
14:02:14 <SarathMekala> Hi all O/
14:02:40 <njohnston> I don't think I am going to be able to make it to the PTG, but you never know.  It's a tough time for company budgeting.
14:03:15 <njohnston> also
14:03:16 <njohnston> Upcoming migration from Trusty to Xenial as the default build for newton+ - something to keep an eye on.
14:03:24 <SridarK> on the PTG - we can make a call on this - from a FWaaS perspective - we can see how many of us can actually make it
14:03:43 <SridarK> we can always opt for something virtual in case f2f is an issue for many
14:03:58 <xgerman> njohnston: we can all share a air bob
14:04:01 <yushiro> hmm, I'm not sure I can go PTG.  But I'll try to register travel support :)
14:04:09 <njohnston> I plan on reviewing our configs in project-config to see what the exposure is for us with the xenial change.  I don't think it is much, since we have had plenty of project-config changes that have tended to put in xenial recently.
14:04:17 <SridarK> the key may be how much we need to discuss with neutron
14:04:36 <njohnston> #action njohnston to look at project-config for xenial impacts for fwaas
14:04:43 <SridarK> xgerman:  and someones private jet to get there :-)
14:05:08 <SridarK> njohnston: i thought we were on xenial
14:05:21 <njohnston> For many jobs we are, but I want to check all the jobs to be sure
14:05:29 <SridarK> ok
14:05:31 <njohnston> like I don't recall if the functional is on xenial or not
14:06:01 <njohnston> Any other announcements?
14:06:20 <njohnston> ok, moving along
14:06:23 <njohnston> #topic Stadium Compliance
14:06:48 <njohnston> so here are the outstanding items
14:06:52 <njohnston> D2 (api-ref): Waiting on API spec to merge.
14:07:00 <njohnston> #link https://review.openstack.org/391338 FWaaS v2 API reference
14:07:04 <SridarK> i think we are further along
14:07:06 <njohnston> #link https://review.openstack.org/389388 Migrate neutron-fwaas API definitions to neutron-lib
14:07:36 <njohnston> I asked on the ocata assessment if we are correct that the api spec needs to wait for the assessment conclusion to merge, to make sure we're in sync with armax's thinking
14:07:38 <reedip> hi
14:07:44 <reedip> sorry , was a bit late
14:08:04 <SridarK> njohnston: it seemed that was the plan
14:08:13 <yushiro> reedip, NP :)
14:08:29 <njohnston> C4 (fullstack - non-critical): Waiting on OSC to merge and be released.
14:08:31 <SridarK> i guess we need the api ext to merge
14:08:48 <njohnston> I haven't really been doing much dev work on fullstack until the OSC merge happens.
14:08:58 <njohnston> #link https://review.openstack.org/394619 Add fullstack testing for neutron-fwaas
14:09:21 <njohnston> C5 (tempest): API merged, Scenario testing WIP (Sarath)
14:09:27 <njohnston> #link https://review.openstack.org/#/c/391392/ Tempest scenario testing for FWaaS v2
14:09:33 <njohnston> SarathMekala: How is that coming?
14:09:42 <SarathMekala> hi got some updates on this
14:09:54 <njohnston> FYI also, the tempest v2 tests are currently passing and voting in check and gate!
14:10:07 <xgerman> Yeah
14:10:13 <yushiro> +1
14:10:15 <SarathMekala> yes.. I depend on that for client
14:10:41 <SarathMekala> I am able to debug my tests now
14:10:42 <SridarK> SarathMekala: hmm u cannot use the interface defined in the v2 api tests ?
14:11:02 <SridarK> does it need the actual client ?
14:11:41 <SarathMekala> SridarK, the REST client you have defined for calling the FWaaS is needed by Scenario as well
14:11:53 <SarathMekala> to creates rules & policies e.t.c
14:11:59 <SridarK> SarathMekala: ok
14:12:05 <SridarK> and fwg
14:12:11 <SarathMekala> yes
14:12:36 <SarathMekala> I had solved quite a bit of blockers
14:12:59 <SarathMekala> like https://bugs.launchpad.net/devstack/+bug/1619554
14:12:59 <openstack> Launchpad bug 1622684 in OpenStack Compute (nova) "duplicate for #1619554 Keycode error using novnc and Horizon console" [Undecided,Invalid]
14:13:13 <SarathMekala> and scenario tests require certain parameters set in etc/tempest.conf like network.project_network_cidr_bits, validation.auth_method
14:13:22 <SarathMekala> I am expecting that these are available on the CI server. Will confirm with Yamamoto
14:13:51 <SridarK> SarathMekala: the cidr stuff is avail in tempest.conf
14:13:58 <SarathMekala> currently as debugging an issue which is preventing SSH access to the VM
14:14:07 <SarathMekala> ok
14:14:18 <SridarK> u can play with the block to create additionals networks/subnets
14:14:21 <SarathMekala> my devstack setup somehow was missing these parameters
14:14:32 <SarathMekala> yes SridarK I have figured it out
14:14:33 <SridarK> we can discuss this more
14:14:39 <SridarK> ah ok
14:14:42 <njohnston> SarathMekala: You can see what the CI server has in it's tempest.conf.  It's in logs/temoest_conf.txt.gz, like so: http://logs.openstack.org/92/391392/8/check/gate-neutron-fwaas-v2-dsvm-tempest-nv/dc8cc43/logs/tempest_conf.txt.gz
14:15:05 <SarathMekala> thanks njohnston I can use it for cross verification
14:15:19 <SarathMekala> i think i have figured out the required parameters
14:15:26 <SridarK> yes that will tell u what Jenkins is setting up
14:15:29 <SarathMekala> and am able to create FWG, rules e.t.c
14:15:42 <SarathMekala> the final step requires me to login to a VM and ping the other one
14:15:48 <SarathMekala> I am having an issue there
14:15:55 <SridarK> great, ok u are stuck on the nova piece
14:16:01 <SarathMekala> currently debugging that issue
14:16:07 <SarathMekala> yeah
14:16:51 <SridarK> SarathMekala: u can look for a sample with the v1 scenario tests as well
14:16:57 <SridarK> on this part
14:17:06 <SarathMekala> Yes SridarK I am looking at them
14:17:14 <SarathMekala> somehow my tests are not going through
14:17:26 <SarathMekala> in fact I was using the same method for connecting to the VM
14:17:38 <njohnston> OK, so SarathMekala and SridarK why don't you get together to hash this out
14:17:44 <SridarK> cool - let me know too - if u need another pair of eyes (not that i am tempest expert)
14:18:00 <njohnston> L1 (OSC): WIP (Yushiro)
14:18:07 <njohnston> #link https://review.openstack.org/351582 OSC patch
14:18:09 <SarathMekala> sure SridarK
14:18:11 <njohnston> How is that going yushiro?
14:18:13 <SarathMekala> the last patch I have pushed will pass till the VM connectivity
14:18:26 <SridarK> SarathMekala: ok
14:18:34 <yushiro> SarathMekala, I've updated some comments from reedip
14:18:38 <njohnston> I heard akihiro had not been as active recently, are things still moving forward well?
14:18:56 <yushiro> njohnston, Fortunately, I could meet him today.
14:19:03 <njohnston> oh, good!
14:19:05 <yushiro> njohnston, He was sick in these weeks.
14:19:19 <yushiro> But now, he is active :)
14:19:22 <yamamoto_> SarathMekala: which patch?
14:19:51 <yushiro> I told him about his utility patch to update and review my OSC patch.
14:20:08 <SarathMekala> yamamoto_ https://review.openstack.org/#/c/391392/
14:20:13 <SridarK> yushiro: the OSC utils - is that moving fwd
14:20:22 <SridarK> i think that is ur dependency
14:20:34 <yamamoto_> SarathMekala: thx
14:20:48 <SridarK> yamamoto_: thx
14:21:36 <yushiro> SridarK, yes, so, if Akihiro doesn't update his patch, I'll update it.
14:21:43 <SridarK> yushiro: ok perfect
14:21:56 <njohnston> Good!
14:22:06 <njohnston> So those are all the outstanding Stadium items.
14:22:15 <SarathMekala> yamamoto_, ur welcome. Please have a loot at the test_allow_icmp method
14:22:17 <yushiro> I'll add some core reviewer for my OSC patch.
14:22:25 <njohnston> yushiro: +1
14:22:46 <njohnston> We're closing in on O-2 in a couple of weeks, just to keep in mind for everyone.  We have good velocity but my goodness this cycle is short!
14:22:55 <yamamoto_> SarathMekala: i will look, but not this evening :-)
14:23:14 <SridarK> lets shoot to get our outstanding items for assesment closed this week
14:23:26 <SridarK> i think we need to discuss the multinode CI
14:23:37 <njohnston> Ah yes, I forgot about that
14:24:04 <SridarK> we still have failures on that
14:24:21 <njohnston> I want to look at how the multinode jobs differ from the regular jobs because I think there may be a discrepancy
14:24:27 <SridarK> ok
14:24:35 <njohnston> I looked in the logfiles and I did not see the fwaas plugin get loaded
14:24:49 <SridarK> hmm ok that can certainly be an issue
14:24:54 <njohnston> #action njohnston to investigate project-config setup for multinode jobs
14:25:37 <njohnston> chandanc: Did you get a chance to do any debugging?  Does that match with your observations?
14:25:45 <SridarK> ok hopefully this is fairly straightfwd now that u have determined the issue
14:26:21 <chandanc> Sorry i could not progress much last week, i jut looked at the logs and found that the tests were not even getting listed
14:26:30 <njohnston> yes
14:26:33 <chandanc> yes,
14:27:33 <njohnston> ok, moving on
14:27:35 <njohnston> #topic FWaaS v2
14:27:39 <SridarK> so basically for multinode, is it the case that we just one or more compute nodes ?
14:28:06 <njohnston> 2 compute nodes, one of which is also the controller
14:28:43 <SridarK> ok for the compute - we are really not that involved except if it is DVR
14:29:12 <njohnston> yes but the agent extension must still be loaded either way, yes?
14:29:17 <njohnston> on the compute
14:29:30 <xgerman> Yep. Needs to be on both
14:29:34 <SridarK> for L2 for sure
14:30:14 <njohnston> ok, so for FWaaS v2 other than the things in the stadium compliance list, I believe there are only 3 changes left for FWaaS v2
14:30:27 <njohnston> #link https://review.openstack.org/348177  neutron: IPtables enhancement for co-existence of SG and FWaaS v2 drivers (Chandan/Sarath)
14:30:48 <njohnston> Any progress on that chandanc and SarathMekala?
14:31:17 <chandanc> njohnston, sorry this week was abit busy for me, could not do much
14:31:37 <SarathMekala> I too could not spend time on this
14:31:52 <njohnston> No problem!  We'll get it. :-)
14:32:02 <SridarK> chandanc: i think u have review traction
14:32:02 <chandanc> sorry again
14:32:16 <reedip> can I help somewhere ? I am still trying to get my hands a bit dirty :)
14:32:23 <chandanc> yes, Will have some thing going this week for the iptables patch
14:32:34 <SridarK> and once this is in - the follow on items are really on neutron-fwaas
14:32:47 <SridarK> reedip: absolutely - welcome ur offer
14:33:01 <yushiro> reedip, great help :)
14:33:09 <SridarK> reedip: on that note thx for ur great reviews
14:33:35 <reedip> SridarK : np , just trying to tighten the bolts :)
14:33:41 <SridarK> :-)
14:33:42 <njohnston> reedip: I think keeping up with your awesome reviews are the main thing at the moment - we have things we want to build on top of FWaaS v2, but with this being such a short cycle I think that anything that isn't already started may not make it into Ocata.
14:34:09 <njohnston> #link https://review.openstack.org/323971  neutron-fwaas: FWaaS v2 extension for L2 agent (Yushiro/Paddu)
14:34:24 <reedip> njohnston : agree, actually thats an issue with this cycle.. Ok let me focus myself on the reviews then ...
14:34:53 <SridarK> reedip: also we need to do more testing
14:35:13 <njohnston> I don't see padkrish... yushiro did you get a chance to do anything on the L2 extension?
14:35:21 <SridarK> on this, padkrish & i will sync up this week
14:35:34 <SridarK> there is a piece on the plugin interface
14:35:56 <SridarK> we will close that out in a day or two
14:35:58 <reedip> SridarK : ok , let me begin with the currently pending reviews  and the current tempest patches. Will get a better hang of the things
14:36:09 <SridarK> reedip: sounds good
14:36:41 <njohnston> SridarK: Will figuring out the plugin piece mean it is ready for final reviews?
14:36:52 <yushiro> njohnston, Yeah.  I'll join L2 agent patch again. SridarK , could you sync with me ?
14:37:01 <SridarK> well we will have a dependency on the L2 driver piece
14:37:15 <SridarK> until that happens we cannot move this fwd to final reviews
14:37:20 <njohnston> ok
14:37:35 <njohnston> a perfect segue
14:37:35 <njohnston> #link https://review.openstack.org/#/c/361071/ neutron-fwaas: FWaaS v2 driver for L2 ports (Chandan/Sarath)
14:37:44 <SridarK> we will not have an end 2 end until the L2 Driver (which depends on the neutron patch)
14:38:07 <SridarK> but lets close out the plugin interface
14:38:15 <chandanc> njohnston, no update yet, can will have some update this week
14:38:36 <SridarK> chandanc:, SarathMekala: i am thinking this should not be a major issue
14:38:43 <SridarK> once u have neutron patch in
14:38:43 <njohnston> chandanc: sounds good :-)
14:38:50 <reedip> guys, I will catch up with the logs .. need to leave , sorry :(
14:38:57 <SridarK> reedip: bye thx
14:38:57 <njohnston> thanks for joining reedip!
14:39:15 <chandanc> no, the second patch should not be an issue once the iptables part is fixed
14:39:32 <SridarK> chandanc: SarathMekala: this is not going to be too different from its L3 cousin
14:39:47 <njohnston> yep
14:40:15 <chandanc> yes, the co existence has to be handled by iptables manager
14:40:24 <chandanc> in neutron
14:40:57 <xgerman> Yes.
14:41:15 <SridarK> i think if we focus on this the week after (once multinode CI and tempest is done)
14:41:26 <chandanc> ok
14:41:30 <SarathMekala> sure
14:41:38 <njohnston> +1
14:41:51 <SridarK> even if we have something WIP, we can start some more testing
14:42:29 <xgerman> +1
14:42:38 <SridarK> Dec is filled with holidays and personal time off stuff for folks
14:43:08 <yushiro> Xmax and New year's day...
14:43:14 <SridarK> ok i had some more things on v2
14:43:19 <yushiro> s/Xmax/X'mas
14:43:30 <xgerman> And I am starting a new job...
14:43:54 <chandanc> xgerman, oh
14:43:56 <SridarK> anything other things on v2 that we need to wrap up
14:44:01 <SridarK> xgerman: ah congrats
14:44:14 <njohnston> Nothing else on FWaaS v2 from me
14:44:25 <xgerman> Thanks!
14:44:25 <SridarK> so few more things on v2
14:44:30 <SarathMekala> congrats xgerman
14:44:40 <chandanc> xgerman, congrats
14:44:46 <SridarK> we have a few more things defined on the spec
14:44:48 <yushiro> xgerman, great!
14:45:25 <SridarK> some are quite a bit more involved and perhaps need some use cases before we go out and implement them
14:45:51 <SridarK> IMHO, it will be good to put down some use cases first
14:46:06 <SridarK> and then assess the importance
14:46:23 <SridarK> before we go off and throw in a bunch of stuff
14:46:32 <njohnston> perhaos should we file bugs for them, detailing them separately so they can be attacked as independent pieces of work?
14:46:33 <SridarK> esp in Ocata our focus is stability
14:47:03 <SridarK> njohnston: yes we can do that - but lets first come up with a justification (via use cases)
14:47:13 <njohnston> yes
14:47:20 <SridarK> I think we should not really attempt them now
14:47:36 <SridarK> meaning attempt to implement them now
14:47:39 <njohnston> right
14:47:47 <SridarK> but lets do some due diligence on the use cases
14:47:47 <njohnston> just get organized for Pike
14:47:54 <SridarK> yes exactly
14:48:15 <SridarK> and possibly if we can get some user feedback
14:48:40 <SridarK> the PTG will not be much help for that
14:48:47 <SridarK> but possibly the summit
14:49:02 <SridarK> or whatever we call it now with the users
14:49:36 <SridarK> ok let me take a first pass on the items for discussion that is left over and we can discuss them
14:49:42 <SridarK> ok i am done
14:50:10 <njohnston> #topic neutron-lib
14:50:26 <njohnston> HenryG released 4 changes to neutron-lib - you may have seen the emails on openstack-dev ML
14:50:32 <njohnston> He graciously created changes for all stadium projects to keep up with them.
14:50:40 <njohnston> I want to be fully open so here they are for everyone's information:
14:50:49 <njohnston> #link http://lists.openstack.org/pipermail/openstack-dev/2016-November/108007.html "Adoption of db *_FIELD_SIZE constants from neutron-lib"
14:50:58 <njohnston> #link https://review.openstack.org/403316 HenryG's fix for FWaaS - MERGED
14:51:06 <njohnston> #link http://lists.openstack.org/pipermail/openstack-dev/2016-November/108005.html "Adoption of ExtensionDescriptor from neutron-lib"
14:51:15 <njohnston> #link https://review.openstack.org/403276 HenryG's fix for FWaaS - MERGED
14:51:21 <njohnston> I abandoned my change to do this https://review.openstack.org/392939 in favor of HenryG's.
14:51:30 <njohnston> #link http://lists.openstack.org/pipermail/openstack-dev/2016-November/107998.html "Removal of PLURALS"
14:51:38 <njohnston> #link https://review.openstack.org/403270 HenryG's fix for FWaaS - MERGED
14:51:49 <njohnston> #link http://lists.openstack.org/pipermail/openstack-dev/2016-November/108008.html "Removing deprecated model_base mixins from core"
14:51:57 <njohnston> We're already up to date with this!
14:52:03 <njohnston> so
14:52:07 <njohnston> We are now up to 31.2% neutron-lib conversion.
14:52:13 <SridarK> cool
14:52:16 <njohnston> #action njohnston to update fwaas neutron-lib punchlist
14:52:18 <yushiro> exellent
14:52:34 <njohnston> does anyone have any questions about all this?
14:52:37 <SridarK> and that is HenryG for u - will be missed immensely as he transitions
14:52:40 <njohnston> I realize it may seem esoteric
14:52:51 <njohnston> SridarK: absolutely
14:53:39 <njohnston> #topic Open Discussion
14:53:45 <njohnston> I put a section on https://etherpad.openstack.org/p/fwaas-meeting in case anyone wants to note when they will be offline for end-of-year vacation/holidays, below the notes for today's meeting.
14:54:11 <SridarK> lets pick up on the PTG discussion
14:54:16 <njohnston> Also, tuhv has a patch ready for reviews: https://review.openstack.org/#/c/389654/
14:54:29 <njohnston> SridarK: go ahead
14:54:31 <hoangcx> About performance improvement for FWaaS v1 and SG that we have discussed several weeks before: I and tuhv discussed with Kevin about starting with SG first but He wants to see the results on FWaaS as first step.
14:54:40 <hoangcx> So we are focusing on FWaaS v1 and the solution is ready for review.
14:54:48 <hoangcx> #link https://review.openstack.org/#/c/389654/
14:54:56 <hoangcx> Ah thank you njohnston
14:54:58 <SridarK> njohnston: is a no, yushiro: is a maybe, others if they can make it to the PTG ?
14:55:12 <njohnston> mfranc213 is also a no I am afraid
14:55:56 <yushiro> SridarK, I hope to join PTG, but I'm not sure... so, I'll try to register travel support program :)
14:56:10 <SridarK> hoangcx: so in this model we will use Netlink for FWaaS but iptables for SG ?
14:56:12 <hoangcx> SridarK, It quit hard this time as the same problem with njohnston (budget)
14:56:34 <SridarK> so we can evaluate a virtual meeting
14:58:00 <njohnston> 2 minutes left
14:58:04 <tuhv> Sridark, The Netlink is used to delete conntrack
14:58:17 <SridarK> tuhv: ok
14:58:29 <SridarK> let me go thru the changeset
14:58:29 <xgerman> But you could use it for more..
14:58:43 <tuhv> Sridark, SG can still uses conntrack-tools util they see the efficiency
14:58:43 <SridarK> to see how we can do this
14:59:07 <hoangcx> SridarK, Thanks! Appreciated
14:59:15 <tuhv> Sridark, thank you
14:59:21 <xgerman> +1
14:59:26 <yushiro> thanks
14:59:28 <SridarK> hoangcx: tuhv: lets add this to the agenda for next weeks mtg
14:59:34 <SridarK> so we can have more discussion also
14:59:39 <hoangcx> SridarK, sure!
14:59:45 <njohnston> Thanks everyone for joining!
14:59:49 <SridarK> but i will take a look
14:59:53 <tuhv> Sridark, thanks
14:59:54 <SridarK> in the meantime
14:59:55 <yushiro> Yes.
15:00:00 <njohnston> #endmeeting